Let us learn how to inject the ADMX policy for Google chrome browser using Intune. Manage & Deploy Chrome ADMX Policies using Intune on Windows 10 devices.
NOTE! – Need to inject ADMX policies for Chrome before deploying any Chrome browser policies.
Table of Contents
Download Chrome ADMX
- Download the Chrome ADMX from Download Google Chrome Bundle.
- Make sure you deploy Google Chrome application GoogleChromeStandaloneEnterprise64.msi (this MSI file is available in the bundle downloaded above). The guide deploying Chrome browser using Intune.
Chrome ADMX File
- Locate Chrome.ADMX file from Chrome\Configuration\admx folder. This file will be used in the below section of the post.
Create Chrome ADMX Injection Policy
- Login to Endpoint.Microsoft.com
- Navigate to Devices – Configuration profiles
- Click on +Create Profile
- Select Platform – Windows 10 and Later
- Select Profile – Custom
- Click on Create
- Enter the Name – Chrome ADMX Ingestion
- Enter the Description – Chrome ADMX Ingestion
- Click on Next
- Click on Add
- Enter the Name – Chrome ADMX Ingestion
- Enter the Description – Chrome ADMX Ingestion
- Enter OMA-URI Value – ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
- Select Data type – String
- Enter the content of Chrome.admx file content (as mentioned in the above section) in the VALUE section.
- Click on Add
- Click on Next
- Select the Scope (Tags)
- Click +Add
- Select Tags -> Test
- Click on Select
- Click OK
Assigment Chrome ADMX Policies using Intune
- On the Assignments page.
- Click on + Select Groups to Include.
- Search for Azure AD Device Group which you want Inject Chrome ADMX policy.
- Click on the group – HTMD Windows Devices.
- Click on the Select button.
- Click on the Next button to continue.
- Applicability Rules – Specify how to apply this profile within an assigned group. Intune will only apply the profile to devices that meet the combined criteria of these rules.
- Click on Create button to complete the deployment of Chrome ADMX policies.
Results & Troubleshooting
You can verify the ADMX injection for the Chrome browser using Intune. The following information might help you to troubleshoot the issue related to ADMX injection on Windows 10 devices.
Intune Portal
- Intune Portal Results
Windows 10 Event Logs
- Windows 10 Event Logs – Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
MDM PolicyManager: ADMX Ingestion: EnrollmentId (D8D5A74A-020E-40F2-BA69-086EDDDD9F08), app name (Chrome), setting type (Policy), unique Id (ChromeAdmx), area (NULL). MDM PolicyManager: ADMX ingestion starting new Admx ingestion. EnrollmentId (D8D5A74A-020E-40F2-BA69-086EDDDD9F08), app name (Chrome), setting type (Policy), unique Id (ChromeAdmx).
Windows 10 Registry
- Registry Entries
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled\D8D5A74A-020E-40F2-BA69-086EDDDD9F08\Chrome\Policy\ChromeAdmx
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault
Video Recording Google Chrome ADMX Injection
Resources
- Microsoft Docs – ADMX https://docs.microsoft.com/en-us/windows/client-management/mdm/win32-and-centennial-app-policy-configuration
- Download Chrome Policies https://support.google.com/chrome/a/answer/9102677?hl=en
- ADMX Concept in details https://docs.microsoft.com/en-us/windows/client-management/mdm/understanding-admx-backed-policies
- Intune Line Of Business Application Google Chrome Deployment
So can we use this to do configure any GPO policies via Intune? I have 200+ laptops that are AzureAD joined only. We are trying to lock them down as almost to be like thin clients. We were using the Multi-App Kiosk policy but this forces “Tablet Mode” which does not work if the user has multiple monitors (most do). I am trying to re-create all the security from this policy manually, but Intune is severely limited.